General

  • Target: 894c255bd6199fb245fd2e295de7d2962c73f839ae492de64816ffd4befab5dc.exe
  • Size: 332KB
  • Sample: 241112-sbqyjavfmk
  • MD5: b72aa6c39d260dfe83aa2c025b8c82c2
  • SHA1: dbff055939c85a05e6511a14747bfa133f7df5dc
  • SHA256: 894c255bd6199fb245fd2e295de7d2962c73f839ae492de64816ffd4befab5dc
  • SHA512: 3fc362d1f77f27d19b692b1fc97944e1cf7a7748be159ac78a1943f823f7c24f7af01e816989083bda90c38f75141b6d55fc258b4a7d98ef55ea660c9b50972e
  • SSDEEP: 6144:+1m3h5gWchr1R6xie8opqXgKTpgtYOWlGmMvkqAlDiyUvpQf4vt74mD50e4mgUtX:om3h41RFpogXnV4MlGN1AlDkvXvtxDWY

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks